Featured case studies

Security

Decideware provides software solutions which enable advertiser clients to assess, manage, and monitor marketing agency and strategic supplier relationships and performance. It is a key responsibility for Decideware to protect all sensitive and confidential information entrusted to Decideware from the rapidly evolving nature of security threats that may affect business operations and the organizations reputation.

The Chairman, CEO, Senior Management and all employees are committed to an effective Information Security Management System in accordance with Decideware’s strategic business objectives.

Decideware considers Information Security aspects as a top priority for client confidence, legal, regulatory and contractual compliance and is committed to ensuring all information is handled in a secure manner and maintaining the ISMS to meet the requirements of ISO27001:2013 and ISO70018:2015.

Objective

To ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In deploying the Decideware ISMS, the Management Team aims to maintain existing known risks at their current low level and ensures that new and changing risks are managed in an equally consistent and professional manner.

Purpose

To protect both Decideware and Decideware’s clients’ physical and electronic information assets from all threats, both internal and external, deliberate or accidental.

Confidentiality: ensuring only persons who are authorized have access to information

Integrity: ensuring the purity, accuracy and completeness of information

Availability: ensuring information, associated assets, and systems can be accessed when required by authorized persons

Regulatory: regarding regulations, laws and codes of practice in each country where it operates as a minimum standard in its Information security management standard

Decideware will:

Ensure that Decideware’s management and employees comply with the requirements of the Policy and that confidentiality of information will be maintained

Minimize the risk of damage to company assets, information, reputation, hardware, software or data

Ensure that Decideware’s people and computer systems do not infringe any copyright, licensing or laws

Set out clearly Decideware’s policies relating to all aspects of the management of information, hardware, firmware, software and prevention and detection of malware

Define a systematic approach to risk assessment by identifying a method that is suited to the ISMS, the identified business information security, legal and regulatory requirements and setting policy and objectives for the ISMS to reduce risks to acceptable levels

Maintain business continuity plans and ensure these are tested and effective (as far as practicable)

Provide appropriate training for all employees

Maintain the ISMS based on a schedule of Internal and external audits.

Review the Information Security Management Policy on an annual basis or when significant legislation or organization changes require an update

Responsibilities and delegations

The overall responsibility for ensuring that the Policy is implemented, developed and reviewed effectively rests with the Chief Executive Officer. This responsibility will be delegated throughout the management structure reflecting Decideware’s continued commitment to Security at all levels.

The Chief Information Officer has direct responsibility for maintaining the Policy and providing advice and guidance on its implementation. The Chief Information Officer is responsible for the monitoring, evaluation and reporting of compliance to the Policy.

All managers are directly responsible for implementing the Security Policy within their business areas, and for adherence by their staff.

It is the responsibility of each member of staff to be familiar with and adhere to the Policy and relevant standards and procedures. Failure to adhere to the Security Policy may result in disciplinary action.

This statement represents Decideware’s general position on Information Security issues, and the policies and practices applied in conducting business.